One Community Health Data Breach Exposes Patient PII & PHI

One Community Health, a nonprofit health center based in Sacramento, Calif., is notifying patients of a significant data breach involving its business partner, TriZetto Provider Solutions. The incident has potentially compromised sensitive personal and health information of an undisclosed number of individuals.

The data breach originated with TriZetto Provider Solutions, a health insurance clearinghouse that One Community Health uses to process insurance eligibility and claims. On Oct. 2, 2025, TriZetto discovered suspicious activity within a web portal used by some of its healthcare provider clients. Following an immediate investigation with external cybersecurity experts from Mandiant and law enforcement, it was determined that an unauthorized individual accessed certain historical eligibility transaction reports stored on TriZetto’s system between November 2024 and Oct. 2, 2025.

The exposed information varies by individual but may include names of patients and primary insureds, addresses, dates of birth, Social Security numbers, health insurance member numbers (and in some cases, Medicare beneficiary numbers), health insurer names, information about the primary insured or beneficiary, and other demographic, medical and health insurance information.

While the exact number of affected individuals has not been disclosed, the breach is considered severe due to the sensitive nature of both PII and PHI involved and the extended period during which unauthorized access occurred; nearly a full year. TriZetto has confirmed that there has been no unauthorized activity in its environment since Oct. 2, 2025.

One Community Health posted a detailed notice of the data security incident on its website on December 19, 2025.

One Community Health's response

After learning of the breach, TriZetto immediately launched an investigation, engaged cybersecurity experts, and notified law enforcement. The company took steps to eliminate the threat and secure its systems. TriZetto also confirmed with investigators that no further unauthorized activity has occurred since the incident was discovered.

To help those affected, TriZetto is offering complimentary credit monitoring, fraud consultation, and identity theft restoration services through Kroll.

If you receive notification from One Community Health or TriZetto Provider Solutions about this breach, you may want to:

• Sign up for the free identity theft protection services offered by the company.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

For questions about this incident, patients can contact Amaz-Linda Affi, RHIT, CHPS, Privacy Manager, at 916-269-8935 or aaffi@onecommunityhealth.com, or Rob P. Colon-Torres, Chief Compliance Officer, at 916-443-3299 or rtorres@onecommunityhealth.com.